[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: X11 exploit info
From: "Michal Vaner \(Vorner\)" <michal.vaner () kdemail ! net>
Date: 2006-02-12 12:42:15
Message-ID: 200602121342.16707.michal.vaner () kdemail ! net
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Dne neděle 12 únor 2006 13:12 Christian Mueller napsal(a):
> Am Sonntag, 12. Februar 2006 12:23 schrieb Dave Feustel:
> > On Sunday 12 February 2006 06:02, Ivor Hewitt wrote:
> > > Ok well apart from the fact that this is about an article from 2004
> > > about something that isn't enabled by default and is nothing to do with
> > > KDE dev... :)
> >
> > At least two of the exploits I have found work against kde.
>
> These are no exploits. The articles you linked to are applications
> of the way security works (or doesn't work) on Unixoid systems / X11.
> They describe what root can do in such an environment. That's
> what a cracker could do *after* using an exploit to gain root
> privileges.
No, there is no need for using an exploit, as it can be done by a root on
*OTHER* system to manipulate things on *MY* system.
> It's no surprise that they work on KDE as KDE runs on top
> of these subsystems. There's also nothing KDE can do about it
> so I would still say it's off-topic here (and also on kde-security).
But I agree it should be resolved in the level of X11 and ssh, not KDE.
> It's similar to this:
> "I just discovered a new type of denial-of-service attack against KDE!
> Pulling the power plug crashes KDE reliably and reproducibly.
> I'll email the kde-security list right away. :)
>
>
> Christian.
>
> >> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to
> >> unsubscribe <<
--
Ostatně soudím, že uzavřené protokoly a formáty by měly být zničeny, stejně
jako Kartágo.
[Attachment #5 (application/pgp-signature)]
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic